Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /projects/cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.91
diff -c -r1.91 client-auth.sgml
*** doc/src/sgml/client-auth.sgml	18 Jun 2006 15:38:35 -0000	1.91
--- doc/src/sgml/client-auth.sgml	21 Aug 2006 18:21:27 -0000
***************
*** 938,944 ****
      and the LDAP server. The connection between the client and the
      PostgreSQL server is not affected by this setting. To make use of
      TLS encryption, you may need to configure the LDAP library prior
!     to configuring PostgreSQL.
     </para>
     <para>
      If no port is specified, the default port as configured in the
--- 938,945 ----
      and the LDAP server. The connection between the client and the
      PostgreSQL server is not affected by this setting. To make use of
      TLS encryption, you may need to configure the LDAP library prior
!     to configuring PostgreSQL. Note that encrypted LDAP is not available
!     on all platforms, depending on the systems LDAP library.
     </para>
     <para>
      If no port is specified, the default port as configured in the
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.139
diff -c -r1.139 auth.c
*** src/backend/libpq/auth.c	14 Jul 2006 14:52:19 -0000	1.139
--- src/backend/libpq/auth.c	21 Aug 2006 18:12:35 -0000
***************
*** 73,85 ****
  #define LDAP_DEPRECATED 1
  #include <ldap.h>
  #else
- /* Header broken in MingW */
- #define ldap_start_tls_sA __BROKEN_LDAP_HEADER
  #include <winldap.h>
- #undef ldap_start_tls_sA
  
  /* Correct header from the Platform SDK */
! WINLDAPAPI ULONG ldap_start_tls_sA (
      IN   PLDAP          ExternalHandle,
      OUT  PULONG         ServerReturnValue,
      OUT  LDAPMessage    **result,
--- 73,82 ----
  #define LDAP_DEPRECATED 1
  #include <ldap.h>
  #else
  #include <winldap.h>
  
  /* Correct header from the Platform SDK */
! typedef ULONG (WINLDAPAPI *__ldap_start_tls_sA)(
      IN   PLDAP          ExternalHandle,
      OUT  PULONG         ServerReturnValue,
      OUT  LDAPMessage    **result,
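Review bot: The new typedef name `__ldap_start_tls_sA` starts with two underscores, which C reserves for the implementation, and the pointer variable added further down (`_ldap_start_tls_sA`) differs from it by a single underscore, which is easy to misread. A name such as `ldap_start_tls_fn` (constructed here) would avoid both problems. The comment `/* Correct header from the Platform SDK */` now sits above a function-pointer type rather than a prototype, so `/* Signature of ldap_start_tls_sA, resolved at run time */` would describe it better. `WINLDAPAPI` looks like an import-linkage macro rather than a calling convention, so it is worth confirming that it belongs inside a pointer typedef at all. The parameter list continues past the end of this hunk.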
***************
*** 713,718 ****
--- 710,716 ----
  static int
  CheckLDAPAuth(Port *port)
  {
+ 	static __ldap_start_tls_sA _ldap_start_tls_sA = NULL;
      char *passwd;
      char server[128];
      char basedn[128];
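Review bot: The declaration `static __ldap_start_tls_sA _ldap_start_tls_sA = NULL;` in CheckLDAPAuth has no platform guard, while the type it uses is defined only in the `#else` branch beside `#include <winldap.h>` in the first auth.c hunk. If that branch is the Windows-only side, as the `#ifndef WIN32` around the TLS call suggests, a non-Windows build with LDAP enabled would stop on an unknown type. Putting `#ifdef WIN32` before the declaration and `#endif` after it keeps the pointer where its type exists. The function body continues outside this hunk.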
***************
*** 810,816 ****
  #ifndef WIN32
          if ((r = ldap_start_tls_s(ldap, NULL, NULL)) != LDAP_SUCCESS)
  #else
!         if ((r = ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS) 
  #endif
          {
              ereport(LOG,
--- 808,842 ----
  #ifndef WIN32
          if ((r = ldap_start_tls_s(ldap, NULL, NULL)) != LDAP_SUCCESS)
  #else
! 		if (_ldap_start_tls_sA == NULL)
! 		{
! 			/* Need to load this function dynamically because it does not exist on Windows 2000,
! 			 * and causes a load error for the whole exe if referenced.
! 			 */
! 			HANDLE ldaphandle;
! 			
! 			ldaphandle = LoadLibrary("WLDAP32.DLL");
! 			if (ldaphandle == NULL)
! 			{
! 				/* should never happen since we import other files from wldap32, but check anyway */
! 				ereport(LOG,
! 						(errmsg("could not load wldap32.dll")));
! 				return STATUS_ERROR;
! 			}
! 			_ldap_start_tls_sA = (__ldap_start_tls_sA)GetProcAddress(ldaphandle, "ldap_start_tls_sA");
! 			if (_ldap_start_tls_sA == NULL)
! 			{
! 				ereport(LOG,
! 						(errmsg("could not load function _ldap_start_tls_sA in wldap32.dll. LDAP over SSL is not supported on this platform.")));
! 				return STATUS_ERROR;
! 			}
! 
! 			/* Leak ldaphandle on purpose, because we need the library to stay open. This is ok because
! 			 * it will only ever be leaked once per process and is automatically cleaned up on process
! 			 * exit.
! 			 */
! 		}
!         if ((r = _ldap_start_tls_sA(ldap, NULL, NULL, NULL, NULL)) != LDAP_SUCCESS) 
  #endif
          {
              ereport(LOG,
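Review bot: `LoadLibrary("WLDAP32.DLL")` passes a bare file name, so resolution falls to the DLL search order, and the handle then has to be leaked on purpose. The hunk's own comment says the executable already imports from wldap32, so `HMODULE ldaphandle = GetModuleHandle("wldap32.dll");` would return the already-mapped module with no new search and no extra reference; `HMODULE` is also the type LoadLibrary and GetProcAddress actually use. The log text names `_ldap_start_tls_sA`, the local pointer, where the export being looked up is `ldap_start_tls_sA`, and it says "LDAP over SSL" although the call is StartTLS, which makes the message harder for an administrator to act on. Both failure paths return STATUS_ERROR instead of continuing without TLS, which is the right fail-closed behaviour; a short comment such as `/* TLS was requested: never fall back to an unencrypted bind */` would keep it from being relaxed later. CheckLDAPAuth starts and ends outside this hunk.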
